In 1977, Rosabeth Moss Kanter, a professor of business management at Harvard Business School, published a study on minorities. Her conclusions reflected a clear correlation between the feminization of a company and its financial results. More recent studies confirm this and show that organizations with 35% or more gender diversity are more productive and successful than their peers. 

The cybersecurity industry ranks among the most important, rewarding, and in-demand professions. However, countries worldwide are struggling to find skilled cybersecurity professionals who can keep up with the rapid rate of digitization and the simultaneous growth of digital hazards.

In particular, women makeup over half of the worldwide workforce and only two out of 10 cybersecurity experts. What’s stopping women professionals to take these jobs?

 A number of factors can explain this gap, including industry perception and culture, societal and family constraints, barriers to entry due to limited digital and cyber literacy, wage gaps, lower earning potential at every level, missed or delayed promotions, and a lower earning potential overall.

“Diversity provides benefits to most industries, it will do the same in the cybersecurity industry. The different perspectives to problem-solving that women bring are increasing innovation and improving business performance,” says Maya Schirmann, a cybersecurity AI/deep learning, SaaS, and telecommunication expert. 

The IT and information security landscape in the Middle East is constantly evolving as more women enter the tech world, but this progress hasn’t been easy for those striving to make it big in cybersecurity. For example, Vectra AI has employed only two women in the 18-member technical team. “This isn’t the company’s fault – year after year, we make efforts to onboard qualified women engineers through partnerships with specialized engineering schools, but the talent pool of women, compared to their male counterparts, is still very small,” says Claire Loffler, Senior Security Engineer at Vectra AI.

According to reports, there is a staffing shortage of nearly three million cybersecurity professionals worldwide. And the problem is expected to worsen as demand increases and the frequency of malicious breaches rises. “By 2022, it is estimated there will be a shortage of 1.8 million information security workers, which illustrates the recruitment difficulties and yet women in cybersecurity remain underrepresented,” adds Loffler. 

The cybersecurity industry is experiencing incredible growth and a significant shortage of talent. “The technology space has a renewed focus on diversity for all underrepresented groups, including women, and many companies are actively seeking to hire people with a range of backgrounds and experiences,” says Janine Seebeck, CEO at BeyondTrust. 

With lucrative opportunities in the cybersecurity industry, women seeking career development and growth must be drawn to the field. “What we do in cybersecurity makes a difference in the world; you will have the potential to impact on individual, corporate and national security, which touches all of our lives,” Seebeck says. 

UNDERSTANDING THE PROBLEM

According to experts, the lack of women working in cybersecurity is related to poor awareness about the profession, wrong media perception, or lack of encouragement. There are still very few female role models in cybersecurity, and many have no idea how to enter this industry, which is dominated by men. “Moreover, TV series or movies where you mainly see hoody-wearing men in basements are not really helping,” Schirmann says. 

Women who pursue cybersecurity careers have the chance to find themselves in a very dynamic environment with continuously evolving challenges and technology. But the benefits also extend to businesses–a theory that is as old as it is relatively unknown.

“However, we must note that women in the cybersecurity workforce are already twice where they were ten years ago. There are various factors affecting the low percentage, including  the wrong perception about the career, lack of awareness, and sometimes lack of support from the families. With increasing awareness, there are support groups, local and international organizations, and internal programs within the companies to support diversity and inclusion.”   

“As such, it is incumbent on universities, enterprises, and states to develop ways to increase awareness of cybersecurity amongst women, erase negative perceptions around IT/security being a male-dominated field and develop mentorship programs,” Loffler adds. 

CLOSING THE GAP

According to a recent study that focused on the gender divide in the industry, over 90% of female undergraduates in STEM courses in the Middle East would consider pursuing a degree in cybersecurity. 

With 88% of women admitting knowledge of cybersecurity programs available at their schools, the region also leads in cybersecurity awareness.

“When it comes to closing the gap, organizations can start by investing in mentorship programs, but also by giving women already in cyberspace a voice to share their experiences, be that in the media, among peer groups within the company, or when visiting schools to talk about their careers to breakdown the stereotypes of a male-dominated sector.”

“But of course, this gender gap requires other ecosystem players to make contributions as well. Initiatives at the organization level need to be complemented and reinforced by state actions, and the 100 million coders program in the UAE is a great example of this,” Loffler says. 

“It is interesting to see women are making a mid-career shift to cyberspace. It is important to employ these talented women too. Otherwise, future generations may lose interest in entering into this industry if they find that they are less welcomed despite there being plenty of opportunities,” says Irene Corpuz, co-founder at Women in Cyber Security Middle East.  

According to Seebeck, the first step in closing the gap is an honest assessment of how an organization is doing in this area. “Next, you must have a focused effort and programs across the organization to build a diverse talent pipeline, from entry-level to the C-suite. We are actively working to close the gender gap through not only intentional recruiting efforts but also by proactively working to identify and develop women for advancement to mid-level and senior management roles.” 

According to experts, cybersecurity firms can also partner with universities and high schools that offer STEM programs to find women candidates. They can offer internships and mentorships to the students by their women employees. “Cybersecurity companies should build an inclusive environment, address the gender pay gap, and promote various skill sets. Not all cybersecurity jobs are technical, there is a diversity of jobs that can be filled, and the firms should extend their search beyond the traditional STEM-related positions,” says Schirmann.

Compared to 2020 levels, cyber attacks increased by a whopping 71% in the UAE in 2021. According to a survey by Cybereason, 84% of UAE companies paid the ransom in these attacks, which is more than 20% higher than the global average. Of the companies that paid, 90% experienced a second ransomware attack and 59% found their data corrupted.

In 2021, Saudi Arabia’s oil-producing giant Aramco was forced to pay a ransom of $50 million after a cyber extortionist claimed to have seized troves of its data which was leaked through a contractor. 

“With cyber threats on the rise and attacks getting more and more sophisticated, stopping the attackers is no longer a question of who your team members are in terms of gender, but is more reliant on what skills you and your team possess,” Corpuz says.